Has my Facebook account really been hacked?

Have you ever wondered what happens if your Facebook account gets hacked? It turns out your account could be lost forever and there's absolutely nothing you can do about it.

That's the ordeal exercise physiologist Emily Cordes is currently experiencing. Last week, she decided to access Facebook Marketplace and discovered she was logged out of her Facebook account. Her login credentials no longer worked and the password recovery process failed to send a verification code. Then she noticed the primary email address associated with the account was no longer hers, confirming she'd been hacked.

The person in control of the account had enabled two-factor authentication, then started posting spammy ads for Alaskan crab meat, which led to the account being suspended. Cordes now faces a race against time to regain control of her account in the 30-day period Facebook allows someone to contest a suspension decision. If Facebook doesn't hear anything within that time period, the account is permanently disabled.

The problem is, Cordes can't find anyone to talk to about her situation and get help to sort it out. An online form she filled out hasn't triggered a response, and all the email addresses she found and used to ask for help have gone unnoticed (or unread?) at Facebook. If this was a new account then perhaps it wouldn't matter so much, but Cordes has been using her Facebook profile for 15 years and explains:

"Thing is I’m a Mum of two who has just moved to a new area. Facebook groups have offered me support and community, and Mums I’ve met in local playgrounds have added me as a friend so we can use messenger to plan playdates. Without these apps sadly my little social life becomes a lot lonelier, and harder."

On top of that, any media she has stored on the account over the last decade and a half could also be lost forever. And all because the social network is using completely automated systems that clearly don't account for specific, yet common, situations like this.


About Matthew Humphries

Senior Editor

I've been working at PCMag since November 2016, covering all areas of technology and video game news. Before that I spent nearly 15 years working at Geek.com as a writer and editor. I also spent the first six years after leaving university as a professional game designer working with Disney, Games Workshop, 20th Century Fox, and Vivendi.

I hold two degrees: a Bachelor's degree in Computer Science and a Master's degree in Games Development. My first book, Make Your Own Pixel Art, is available from all good book shops.

Even technically sophisticated friends are currently getting “hacked” on Facebook — here’s how to avoid it, and how to make sure your hacked account is fully recovered.

Usually, accounts are “hacked” because someone somehow gets a hold of your password. That’s bad for Facebook in particular, because people often use Facebook to log into other things — so if someone gets into your Facebook account, they have access to a bunch of other things too.

If your account has been hacked

Your account being “hacked” can take many shapes. Perhaps someone is sending messages on your behalf, posting as you or doing something else weird.

If you can still log in, you’re in luck; here’s what to do:

Change your password right away — that’s your first step, if you still have the power to do so. If you can’t log in, request a password reset. If that doesn’t work, it’s possible that someone has changed the email address on the account. There’s a way of dealing with that, too.

Report the weird behavior to Facebook, so they can help stop it happening to others.

Go to your security settings, and see if you recognize everywhere you are logged in. If you don’t recognize a location or a device, press the three-dot menu, and select “not you?”. This will log you out and will help you further secure your account.

Check that you recognize all apps and websites that have access to your Facebook account. Same as above; if there’s something you don’t recognize, hit “remove”.

In your general settings, check the e-mail addresses Facebook has listed for you. If there’s anything there that isn’t yours, remove it.

Change your password one more time, now that you know hackers (in theory) don’t have access to your account anymore. It should be a secure password (with letters, numbers and special characters). Don’t re-use your password from somewhere else. Ideally, use a password manager to ensure that you can keep track of all your different passwords, and use higher-quality passwords in general.

Turn on two-factor authentication. That means that even if your password was somehow stolen, they can’t log in without also having access to your phone or your authenticator app.

And finally, whenever something weird happens to your security and/or social media, change your email password. It’s bad enough to lose access to your social accounts, but your email is the holy grail for hackers, so rotating that password regularly (every 1-3 months) and changing it whenever something strange happens is a very good idea.

How to prevent getting hacked

The most common way that a Facebook account is compromised is by tricking you into giving the hackers your password. You may get a Messenger message from a friend on Facebook, saying something like “OMG did you see who died?” with a link. You click on the link, it looks like Facebook, but suddenly you’re being asked to log in again. You think nothing of it, and you type in your email and password… Uh-oh. Problem: The site that you just gave your password to isn’t actually Facebook, and now they have your password.

The best way to avoid this is to follow the steps above and turn on two-factor authentication. Then be vigilant: Whenever you log in, are you logging into a site that starts with https://www.facebook.com? If not — if it looks something like ffacebook.com or facebook.this-is-a-security-notification.com — don’t type in your password. The safest thing, typically, is to manually type Facebook.com into your URL bar if you’re using a web browser.
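The address check described above, written out as an added example (not code from the original article or from Facebook): it parses the address the way a browser does and accepts it only when it is https and the host is facebook.com or one of its subdomains. The userinfo and punycode cases go beyond the two lookalike names in the text, and example.net is a constructed sample.

```javascript
// Added example: decide whether an address really belongs to facebook.com.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // Text before "@" is userinfo, not the site name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  // URL() lowercases the host and converts non-ASCII labels to punycode.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label, possible lookalike characters" };
  }
  // Compare whole labels from the right: the host must BE facebook.com or
  // END in ".facebook.com". A prefix or substring match is not enough.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed sample addresses; the two lookalike hosts are the ones named in the text.
const SAMPLES = [
  "https://www.facebook.com/login",
  "https://ffacebook.com/login",
  "https://facebook.this-is-a-security-notification.com/login",
  "http://www.facebook.com/login",
  "https://www.facebook.com@example.net/login",
  "https://f\u0430cebook.com/login", // Cyrillic "a" in place of the Latin one
];

for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```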

Remember that the Facebook app has a browser built in. So it’s possible that you are ‘in’ the Facebook app, but it could ask you for a password. It looks legitimate — how could it not be, this is the Facebook app — but use your head; if you’re already in the app, why would it ask you to log in? In short: If it seems weird, it is weird — don’t type in your password!

Check the apps that have access to your Facebook account (see above) semi-regularly. If you recognize an app but you haven’t used it in a while and you don’t think you’ll need it — delete it. You can always add it again later.

What are the symptoms of a hacked Facebook account?

Your account may have been hacked if you notice that:
Your email address or password has changed.
Your name or birthday has changed.
Friend requests have been sent to people you don't know.
Messages have been sent that you didn't write.
Posts or ads have been made that you didn't create.

Will Facebook notify me if my account is hacked?

Note: If your account has been affected, you should see a warning at the top of your News Feed. It will explain what type of information was accessed from your account.

How will you know if your account has been hacked?

Spot unusual behaviour. The clearest sign that you've been hacked is when something has changed. You might not be able to access your Google account using your regular username and password, or there may have been suspicious purchases charged to one of your bank accounts.

Should I delete my Facebook account if it's been hacked?

Facebook's policies on disabling or deleting hacked, unused or unconfirmed accounts. Removing hacked, unused, or unconfirmed accounts helps reduce the amount of potential abuse on our platform and protects the privacy, integrity and security of your data and your account.